Tyler Close wrote:
The study results were presented at the workshop, but the authors have not yet published a paper, so I can't provide a link as yet.
Exactly how useful this test was depends entirely on what instruction the users were given on how to use the anti-phishing features of the current implementation, and what instructions they were given for alternative implementations.
An instruction of "if the domain indicator doesn't match the domain you think you should be on, it's dodgy", if followed, works for 100% of sites in Firefox 1.0.4.
It also depends on how realistic the scenario was. If a user was told "Your bank is called FooBank. Which of these sites are phishes?", and was given www.foobankinc.com, www.foo-bank.com and so on, that's unrealistic - as a user will have visited FooBank's website many times before, and will know the address which has always appeared in the past.
Still, I look forward to reading the paper. Gerv _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
